import { buildMessage, validate, ValidateBy, ValidationOptions } from 'class-validator';

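/**
 * Reports whether `value` contains one of the markup/script patterns this module blocks.
 *
 * Despite the name, a `true` result means a blocked pattern was FOUND in the input;
 * callers negate it to obtain "is valid".
 *
 * Patterns checked (case-insensitive):
 *  - an opening `<script ...>` tag, with or without attributes
 *  - a `document.createElement` reference
 *  - a `setAttribute('type', 'text/javascript')` call
 *  - an opening `<a` anchor tag followed by whitespace
 *
 * NOTE(security): this is a pattern blocklist. It does not cover other script-bearing
 * markup (for example inline event-handler attributes or `javascript:` URLs), so treat
 * it as an input-screening layer only and keep context-aware output encoding, or an
 * HTML sanitizer, at render time.
 *
 * @param value - Untrusted text to screen.
 * @returns `true` when a blocked pattern is present, `false` otherwise.
 */
function preventXss(value: string): boolean {
    // No `g` flag: test() only needs a yes/no answer, so no `lastIndex` state is involved.
    // Fixes over the previous pattern:
    //  - `<script` now matches when attributes follow (`[^>]*` instead of `\S*`)
    //  - the `.` in `document.createElement` is a literal dot
    //  - `setAttribute(...)` is spelled correctly and its parentheses are escaped, so the
    //    alternative matches the real call instead of acting as a capture group
    const blockedPattern =
        /<script\b[^>]*>|document\s*\.\s*createElement|setAttribute\(\s*['"]type['"]\s*,\s*['"]text\/javascript['"]\s*\)|<a\s/i;
    return blockedPattern.test(value);
}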

// XSS attack prevention for user-supplied content
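/**
 * class-validator property decorator that rejects values containing script-like content.
 *
 * Validation fails when `preventXss` reports a blocked pattern in the value and passes
 * otherwise.
 *
 * NOTE(security): the check is only as strong as the patterns in `preventXss`. It is an
 * input-screening layer; rendering code must still encode or sanitize the stored value
 * for its output context.
 *
 * @param validationOptions - Standard class-validator options (`each`, `message`, `groups`, ...).
 * @returns A decorator to apply to the property being validated.
 */
export function IsScriptContent(validationOptions?: ValidationOptions): PropertyDecorator {
    return ValidateBy({
        // Kept as "IsXss": this is the key under which the failure appears in
        // ValidationError.constraints, so existing consumers may depend on it.
        name: "IsXss",
        validator: {
            // preventXss returns true when a blocked pattern is found, hence the negation.
            validate: (value): boolean => !preventXss(value),
            // The previous default message ("a non-integer in the array") described a
            // different validator; this one states the actual rule.
            defaultMessage: buildMessage(
                (eachPrefix) => eachPrefix + "$property must not contain script tags, script-injection code or links",
                validationOptions,
            ),
        }
    }, validationOptions)
}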